Spring BlazeDS Integration之spring security(2)---http form登陆

使用场景二：

即，虽然我们使用了Spring BlazeDS Intergration去配置项目，但是登陆页面还是传统的html form 提交。

这也是支持的！

security-config.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<http entry-point-ref="entryPoint">
		<anonymous enabled="false" />
		<form-login login-page="/login.jsp"
			authentication-success-handler-ref="simpleLoginSuccessHandler" />
		<remember-me key="testdrive" services-ref="rememberMeServices" />

	</http>

	<beans:bean id="rememberMeServices" 
                    class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
                     <beans:property name="key" value="testdrive"/>
                     <beans:property name="alwaysRemember" value="true"/>
        </beans:bean>

	<beans:bean id="entryPoint"
		class="org.springframework.flex.security3.FlexAuthenticationEntryPoint" />

	<beans:bean id="simpleLoginSuccessHandler" class="test.SimpleLoginSuccessHandler">
		<beans:property name="defaultTargetUrl" value="/secured/secured.html"></beans:property>
		<beans:property name="forwardToDestination" value="false"></beans:property>
	</beans:bean>

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="john" password="john" authorities="ROLE_USER" />
				<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
				<user name="guest" password="guest" authorities="ROLE_GUEST" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>

注意，在这里我配置了authentication-success-handler-ref="simpleLoginSuccessHandler"，其目的是让登陆成功后，可以有一个切入点，让自己干点什么（比如，持久化用户登录信息，获得用户ip，数据库查询用户信息等）。

SimpleLoginSuccessHandler：

package test;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

public class SimpleLoginSuccessHandler implements AuthenticationSuccessHandler,
		InitializingBean {

	protected Log logger = LogFactory.getLog(getClass());

	private String defaultTargetUrl;

	private boolean forwardToDestination = false;

	private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

	public String getDefaultTargetUrl() {
		return defaultTargetUrl;
	}

	public void setDefaultTargetUrl(String defaultTargetUrl) {
		this.defaultTargetUrl = defaultTargetUrl;
	}

	public boolean isForwardToDestination() {
		return forwardToDestination;
	}

	public void setForwardToDestination(boolean forwardToDestination) {
		this.forwardToDestination = forwardToDestination;
	}

	@Override
	public void afterPropertiesSet() throws Exception {
		// TODO Auto-generated method stub

	}

	@Override
	public void onAuthenticationSuccess(HttpServletRequest request,
			HttpServletResponse response, Authentication arg2)
			throws IOException, ServletException {
                // TODO 在登陆成功之后，自己想要执行的代码。
		if (this.forwardToDestination) {
			logger.info("Login success,Forwarding to " + this.defaultTargetUrl);

			request.getRequestDispatcher(this.defaultTargetUrl).forward(
					request, response);
		} else {
			logger.info("Login success,Redirecting to " + this.defaultTargetUrl);

			this.redirectStrategy.sendRedirect(request, response,
					this.defaultTargetUrl);
		}
                  
	}

}

login.jsp:

<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>

<!-- Not used unless you declare a <form-login login-page="/login.jsp"/> element -->

<html>
  <head>
    <title>CUSTOM SPRING SECURITY LOGIN</title>
  </head>

  <body οnlοad="document.f.j_username.focus();">
    <h1>CUSTOM SPRING SECURITY LOGIN</h1>

	<P>Valid users:</P>
	<P/>
	<P>username <b>john</b>, password <b>john</b>
	<P>username <b>admin</b>, password <b>admin</b>
	<br>username <b>guest</b>, password <b>guest</b></P>
	<p/>

    <%-- this form-login-page form is also used as the
         form-error-page to ask for a login again.
         --%>
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<br/><br/>
        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
      </font>
    </c:if>

    <form name="f" action="<c:url value='j_spring_security_check'/>" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        
        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>

    </form>

  </body>
</html>

所以，问题来了，simpleLoginSuccessHandler 只会在http form login 成功之后才被调用！

如果是flex ui 登陆成功，则不会调用simpleLoginSuccessHandler 。如果我想在flex ui登陆成功后，让java端干点啥，怎么办？

请看：Spring BlazeDS Integration之spring security(3)